With the development of smartphones, mobile phone applications applicable to the smartphones also increasingly grow in quantity, where a large part of the mobile phone applications are paid applications, that is, they can be used only when users pay corresponding fees. However, not all application developers of paid applications qualify for online payment, which requires that an online payment agent provides an online payment proxy service for a paid application not qualifying for online payment by using a payment proxy server. However, when the payment proxy server provides the online payment proxy service, an cooperating paid application needs to be integrated with a payment open SDK (Software Development Kit, software development kit) provided by the online payment agent, and then input of information about a bank card of a user and submittal of a payment request are completed by using the payment open SDK. However, some malicious paid applications may tamper the payment open SDK provided by the online payment agent. User information such as a bank card number and password of a user are intercepted when the user completes input of information about the bank card number and the password and are sent to a third-party server, and then unauthorized online payment is performed online by using the obtained information. Therefore, by using this online payment method, security of the user information is relatively low, and capital security of the user may be impaired.